<?php
class Agitum_Controller_Plugin_Acl extends Zend_Controller_Plugin_Abstract
{
	private $_acl = null;

	public function preDispatch(Zend_Controller_Request_Abstract $request)
	{
//        printf( "Class: %s; Method: %s, File: %s; Line: %s<br/>\n", __CLASS__, __FUNCTION__, __FILE__, __LINE__);

        $this->_acl = new Zend_Acl();

        $this->_addRoles();
        $this->_addResource();
        $this->_addPrivilege();

        Zend_Registry::set('Zend_Acl', $this->_acl);
	}

	private function _addRoles ()
	{
	    // загрузка ролей
 		$slot = new Agitum_Model_Cache_Slot_Role_Tree();
        $data = $slot->load();
        if ( !$data ) {
        	$r = new Agitum_Model_Role();
        	$data = $r->getTree();
        	$slot->addTag( new Agitum_Model_Cache_Tag_Role_Tree() );
        	foreach ( $data as $i => $row ) {
        		$slot->addTag( new Agitum_Model_Cache_Tag_Role($row['id']) );
        	}
        	$slot->save($data);
        }
        
        $parents = array();
        foreach ( $data as $id => $row ) {
        	if ( isset($parents[$row['pid']]) ) {
//        		echo "acl->addRole(new Zend_Acl_Role({$row['name']}), {$parents[$row['pid']]} );<br/>";
        	    $this->_acl->addRole(new Zend_Acl_Role($row['name']), $parents[$row['pid']] );
        	} else {
//        	    echo "acl->addRole(new Zend_Acl_Role({$row['name']})); ".$_SERVER['REQUEST_URI']."<br/>";
        		$this->_acl->addRole(new Zend_Acl_Role($row['name']));
        	}
        	$parents[ $row['id'] ] = $row['name'];
        }
    }
    
    private function _addResource() 
    {
        $slot = new Agitum_Model_Cache_Slot_Resource_Tree();
        $data = $slot->load();
        if ( !$data ) {
        	$r = new Agitum_Model_Resource();
        	$data = $r->getTree();
        	$slot->addTag( new Agitum_Model_Cache_Tag_Resource_Tree() );
        	foreach ( $data as $i => $row ) {
        		$slot->addTag( new Agitum_Model_Cache_Tag_Resource($row['id']) );
        	}
        	$slot->save($data);
        }
        
        $parents = array();
        foreach ( $data as $id => $row ) {
        	if ( isset($parents[$row['pid']]) ) {
//        	    echo "acl->addResource({$row['name']}, {$parents[$row['pid']]})<br/>";
        	    $this->_acl->addResource($row['name'], $parents[$row['pid']]);
        	} else {
//        	    echo "acl->addResource({$row['name']})<br/>";
        	    $this->_acl->addResource($row['name']);
        	}
        	$parents[ $row['id'] ] = $row['name'];
        }
    }
    
    private function _addPrivilege() 
    {
        $slot = new Agitum_Model_Cache_Slot_Privilege_List();
		$data = $slot->load();
        if ( !$data ) {
        	$data = Agitum_Model_Privilege::getPrivileges();
            $slot->addTag( new Agitum_Model_Cache_Tag_Privilege_List() );
            foreach ( $data as $i => $row) {
                $slot->addTag( new Agitum_Model_Cache_Tag_Privilege($row['id']) );
            }
        	$slot->save($data);
        }

		foreach ( $data as $i => $item ) {
		    $r = var_export($item['rights'], true);
			switch($item['allowed']) {
				case true: {
//					echo "acl->allow({$item['role']}, {$item['resource']}, $r)<br/>";
					$this->_acl->allow($item['role'], $item['resource'], $item['rights']);
					break;
				}
				case false: {
//					echo "acl->deny({$item['role']}, {$item['resource']}, $r)<br/>";
					$this->_acl->deny($item['role'], $item['resource'], $item['rights']);
					break;
				}
			}
		}
    }
}